TaurusDB
TaurusDB
- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Usage Rules
- Billing Management
- Data Migration
- Instance Lifecycle Management
- Instance Modifications
- Read Replicas
- Database Management
- Account Management (Non-Administrator)
- Data Security
- Data Backups
- Data Restorations
- Connection Management
-
Parameter Template Management
- Creating a Parameter Template
- Modifying a Parameter Template
- Exporting Parameters
- Comparing Parameter Templates
- Viewing Parameter Change History
- Replicating a Parameter Template
- Resetting a Parameter Template
- Applying a Parameter Template
- Viewing Application Records of a Parameter Template
- Editing a Parameter Template Description
- Deleting a Parameter Template
- Metrics and Alarms
- Interconnection with CTS
- Log Management
- Task Center
- Managing Tags
- Managing Quotas
- Change History
- Best Practices
- Performance White Paper
- Security White Paper
- SDK Reference
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs (Recommended)
- DB Engine Version Queries
- Database Specification Queries
-
Instance Management
- Creating a DB Instance
- Querying DB Instances
- Rebooting a DB Instance
- Deleting a DB Instance
- Querying Details of a DB Instance
- Querying Details of DB Instances in Batches
- Creating a Read Replica
- Deleting a Read Replica
- Scaling up Storage of a Yearly/Monthly DB Instance
- Changing a DB Instance Name
- Resetting a Database Password
- Changing DB Instance Specifications
- Querying Dedicated Resource Pools
- Querying Dedicated Resources
- Configuring the Monitoring By Seconds Function
- Querying the Configuration of Monitoring by Seconds
- Enabling or Disabling SSL
- Binding an EIP
- Unbinding an EIP
- Promoting a Read Replica to Primary
- Changing a Maintenance Window
- Modifying a Security Group
- Changing a Private IP Address
- Changing a Database Port
- Changing a DB Instance Description
- Backup Management
- Parameter Template Management
- Quota Management
- Log Management
- Tag Management
- Database User Management
- Database Management
- SQL Statement Concurrency Control
- Task Center
- APIs (Unavailable Soon)
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
FAQs
- Product Consulting
-
Database Connections
- Can an External Server Access the GaussDB(for MySQL) Database?
- What Do I Do If the Number of GaussDB(for MySQL) Database Connections Reaches the Upper Limit?
- What Is the Maximum Number of Connections to a GaussDB(for MySQL) Instance?
- What Should I Do If an ECS Cannot Connect to a GaussDB(for MySQL) Instance?
- How Can I Connect to a MySQL Database Through JDBC?
- How Can I Create and Connect to an ECS?
- What Should I Do If a Database Client Problem Causes a Connection Failure?
- Why Cannot I Ping My EIP After It Is Bound to a DB Instance?
- What Can I Do If the Connection Test Failed?
- Can I Access a GaussDB(for MySQL) Instance over an Intranet Connection Across Regions?
- Are There Any Potential Risks If There Are Too Many Connections to a GaussDB(for MySQL) Instance?
- What Should I Do If an ECS and a GaussDB(for MySQL) instance Deployed in Different VPCs Cannot Communicate with Each Other?
- How Do I View All IP Addresses Connected to a Database?
- Client Installation
- Database Migration
- Database Permissions
-
Database Performance
- What Should I Do If the CPU Usage of My Instance Is High?
- How Do I Handle Slow SQL Statements Caused by Inappropriate Composite Index Settings?
- How Do I Handle a Large Number of Temporary Tables Being Generated for Long Transactions and High Memory Usage?
- What Should I Do If Locks on Long Transactions Block the Execution of Subsequent Transactions?
- Database Usage
- Backups
-
Database Parameter Modification
- How Can I Change the Time Zone?
- How Do I Configure a Password Expiration Policy for GaussDB(for MySQL) Instances?
- How Do I Ensure that the Database Character Set of a GaussDB(for MySQL) Instance Is Correct?
- How Do I Use the utf8mb4 Character Set to Store Emojis in a GaussDB(for MySQL) Instance?
- How Do I Set Case Sensitivity for GaussDB(for MySQL) Table Names?
- Can I Use SQL Commands to Modify Global Parameters?
-
Network Security
- What Security Assurance Measures Does GaussDB(for MySQL) Have?
- How Can I Prevent Untrusted Source IP Addresses from Accessing GaussDB(for MySQL)?
- How Do I Configure a Security Group to Enable Access to a GaussDB(for MySQL) Instance?
- How Can I Import the Root Certificate to a Windows or Linux Server?
- How Do I Manage and Ensure GaussDB(for MySQL) Security?
- Log Management
- Version Upgrade
- Change History
-
Troubleshooting
-
Backup and Restoration Issues
- Insufficient Permissions During Data Export Using mysqldump
- How Do I use mysqlbinlog to Obtain Binlog Files?
- Canal Fails to Parse Binlogs
- Precautions for Exporting Large Tables Through mysqldump
- Commands for Exporting Data Through mysqldump
- System Inaccessible After Field Addition to a Database Table
- SQL Statements Such as SET @@SESSION.SQL_LOG_BIN Displayed After You Run mysqldump
- Insufficient Permissions Reported for Canal
-
Connection Issues
- Login Failed After ssl_type of root Is Changed to ANY
- Failed to Connect to a DB Instance Using SSL
- Description of Each IP Address
- SSL Connection Failed Due to Inconsistent TLS Versions
- Error Message "connection established slowly"
- "Access denied" Displayed During Database Connection
- Failed to Connect to a Database Using mariadb-connector in SSL Mode
- Failed to Connect to a Database as User root
- Client Automatically Disconnected from a DB Instance
- Disconnection Occurs Every 45 Days Due to the istio-citadel Certificate Mechanism
-
SQL Issues
- Invalid TIMESTAMP Default Value during Table Creation
- Failed to Change the VARCHAR Length Due to the Index Length Limit
- Slow SQL Queries After a Large Amount of Data Is Deleted from a Large Table
- Error 1366 Reported When Data Containing Emojis Is Updated
- Slow Stored Procedure Execution Due to Inconsistent Collations
- ERROR [1412] Reported for a DB Instance
- Failed to Delete a Table with a Foreign Key
- Incorrect GROUP_CONCAT Results
- Error Message "Too many keys specified" Displayed When a Secondary Index Is Created
- DISTINCT and GROUP BY Optimization
- Equivalent Comparison Failures with Floating-Point Numbers
- Tablespace Bloat
- ERROR 1396 Reported When a User Is Created
- Error Message Reported When alter table xxx discard/import tablespace Is Executed
- Native Error 1461 Reported by a DB Instance
- "Row size too large" Reported When a Table Failed to Be Created
- Parameter-related Issues
- Performance Issues
-
Basic Issues
- How Do I View Used Storage of My GaussDB(for MySQL) Instance?
- Renaming Databases and Tables
- Character Set and Collation Settings
- Auto-Increment Field Value Jump
- Starting Value and Increment of AUTO_INCREMENT
- Changing the AUTO_INCREMENT Value of a Table
- Failed to Insert Data Because Values for the Auto-increment Primary Key Field Reach the Upper Limit
- Auto-increment Field Values
- AUTO_INCREMENT Not Displayed in the Table Structure
- Impact of Creating an Empty Username
- No Scanned Rows Recorded in Slow Query Logs
- Change History
-
Backup and Restoration Issues
- Videos
On this page
Show all
Help Center/
TaurusDB/
Troubleshooting/
Connection Issues/
"Access denied" Displayed During Database Connection
"Access denied" Displayed During Database Connection
Updated on 2023-10-19 GMT+08:00
Scenario
A client failed to connect to a database, and the error message "Error 1045: Access denied for user xxx" was displayed.
Handling Methods
- An incorrect host is connected.
Cause: An incorrect database host is connected, and the user or client IP address does not have the access permission.
Solution: Ensure that the host name of the database to be connected is correctly specified.
- The user does not exist.
Cause: The user account used for connecting to the database does not exist.
Solution:- Log in to the database as an administrator and run the following command to check whether the target user exists:
SELECT User FROM mysql.user WHERE User='xxx';
- If the user does not exist, create the user.
CREATE USER 'xxx'@'xxxxxx' IDENTIFIED BY 'xxxx';
- Log in to the database as an administrator and run the following command to check whether the target user exists:
- The client IP address does not have the access permission.
Cause: The user used by the client exists, but the client IP address is not allowed to access the database.
Solution:
- Log in to the database as an administrator and run the following command to check which client IP addresses are allowed to connect to the database for the target user:
SELECT Host, User FROM mysql.user WHERE User='xxx';
- If the client IP address is not within the allowed network segment, assign the access permission to the client IP address. For example, run the following command to grant the test user the permission to access the 192.168.0 network segment:
GRANT ALL PRIVILEGES ON *.* TO'root'@'192.168.0.%' IDENTIFIED BY 'password' WITH GRANT OPTION; FLUSH PRIVILEGES;
- Log in to the database as an administrator and run the following command to check which client IP addresses are allowed to connect to the database for the target user:
- The password is incorrect.
Cause: The password of the user is incorrect.
Solution:
- Check whether the target password is correct. Because the password is used for identity authentication, the user password cannot be read from GaussDB(for MySQL) in plain text. However, you can compare the hash string with the PASSWORD function value of the target password to check whether the target password is correct. The following is an example of SQL statements:
mysql> SELECT Host, User, authentication_string, PASSWORD('12345') FROM mysql.user WHERE User='test'; +-----------+------+-------------------------------------------+-------------------------------------------+ | Host | User | authentication_string | PASSWORD('12345') | +-----------+------+-------------------------------------------+-------------------------------------------+ | % | test | *6A23DC5E7446019DC9C1778554ED87BE6BA61041 | *00A51F3F48415C7D4E8908980D443C29C69B60C9 | +-----------+------+-------------------------------------------+-------------------------------------------+ 2 rows in set, 1 warning (0.00 sec)The preceding example shows that the hash value of PASSWORD('12345') does not match the authentication_string field, indicating that the target password 12345 is incorrect.
- To reset the user password, run the following SQL statement:
set password for 'test'@'%' = 'new_password';
- Check whether the target password is correct. Because the password is used for identity authentication, the user password cannot be read from GaussDB(for MySQL) in plain text. However, you can compare the hash string with the PASSWORD function value of the target password to check whether the target password is correct. The following is an example of SQL statements:
- The password contains special characters and is escaped by Bash.
Cause: In the default Bash environment of Linux, when the CLI is used to connect to a database, special characters in the password will be escaped by the environment. As a result, the password becomes invalid.
For example, in the Bash environment, the password of user test is test$123. When you run the mysql -hxxx -u test -ptest$123 command to connect to a database, the error message "ERROR 1045 (28000): Access denied" will be displayed.
Solution: Enclose the password in single quotation marks to prevent Bash from interpreting special characters.
mysql -hxxx -u test -p'test$123'
- REQUIRE SSL is configured for the user, but the client uses a non-SSL connection.
Troubleshooting:
- Run the show create user 'xxx' command to check whether the user must use the SSL connection. If the REQUIRE SSL attribute is displayed, the user must use the SSL connection.
- Check whether statements similar to the following have been used to grant permissions to the user:
GRANT ALL PRIVILEGES ON . TO 'ssluser'@'localhost' IDENTIFIED BY 'password' REQUIRE SSL;
- Check the ssl_type value of the target user. If the value is not empty, the user must use SSL.
SELECT User, Host, ssl_type FROM mysql.user WHERE User='xxx';
Solution:
- Connect the client to the database in SSL mode. For details, see SSL Connection.
- Run the ALTER USER 'username'@'host' REQUIRE NONE; command to remove the SSL permission from the user.
Parent topic: Connection Issues
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
